OK I got it. Had to setup a simple vpn traffic rule and allow pap authentication on the radius server.

The problem did turn out to be the provider, just for the record.  2.1.4 is fine at least regarding this issue.

@lokeshjango: hie guys i have configured strong vpn in my pfsense using open vpn setting. i basically want to set up my pfsense machine as a gateway so that all intranet traffic should go through my newly setup vpn interface in pfsense. as of now in system log openvpn showing no error. but after configuring from my intranet/LAN machine i am not able to access internet. i am not finding any solutions. https://forum.pfsense.org/index.php?topic=29944.0 and https://forum.pfsense.org/index.php?topic=59589.0 please help me as i am stuck on this point .. one more doubts i have just come in mind , how will configure my lan machine after configuring vpn in pfsense, i mean gateway?

I think I may have solved this with help from Zack__ on IRC. I'll update this when confirmed.

Looks like your PF has difficulties to route from OVPN client to LAN. Check your FW rules ?

Check this thread for having a smoother GW failure handling for small Alix architecture : https://forum.pfsense.org/index.php?topic=73243.15 Try not to ping Google as the server could response from a far location and produce high pings. Pinging too far can transform a ISP routing failure into a false link failure (seen from PF). So try to ping something close to you (geographically and/or in terms or router hop), but not your ISP GW : some routers (like Cisco does) are known to drop some ICMP ping replies (even if not under heavy load) and thus produce false high response time or false loss.

Is the vpn gateway in the same subnet as the vpn tunnel? Your vpn address is 10.200.5.x, but in the route command you used 10.200.4.0/24. These would be different subnets. What is your OPT1 interface? You have used the LAN address in rules there, but this is the address on LAN interface and will have no effect in these rules.

Strange but I just happened to notice that the vmware router was configured to simulate a slow link. Changed it to unlimited and the copy started to work. Happy for that but it still doesn't explain the firewall logs though. Will have to try and figure that out separately. Thanks for the reply.

Found it!!! Obviously, the office doesn't route my home LAN addresses. So I have to use outbound NAT with the IP address assigned to me. Once I had created a NAT outbound rule for interface OpenVPN, that NATs all my LAN traffic over the "Interface address", things started working like a charm. Nice, happy camper! :) Cheers, Jan

Then you'll also have to provide info about your BGP config on each node. That's not a typical VPN configuration and should have been disclosed in the original post.

If you have any/any on both sides, it's probably a routing issue, but we need the .conf files from both sides to troubleshoot effectively.

@jimp: Are you running those commands from the ssh shell, or from Diagnostics > Command? They should be run from the shell (ssh or console) thank you, i've logged in using SSH. @johnpoz: You do understand that is just the little export wizard thing, its is not openvpn.  When you say openvpn is missing from your settings that seems more involved than the export wizard package having issues. exactly, i mean the openvpn was already installed, after the update my exisiting client just stops working. so tried to export it again but it gone. and can't reinstall it

Since that port is on the remote side, not local, it does not conflict. That's like asking if you can access two different web servers at the same time since they both use port 80. :-) In your OpenVPN client settings, don't set your local port to 1194, only the remote port.

I've configured an oubound NAT to nat my LAN clients accessing 172.21.0.0/16 to the OpenVPN connection IP, and it fixes my problem.